fcda68d2fa02bb2bb763b8b460aa4c487f6d17670f8177f9a2447e643fb2cd4c

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
05/07/2024, 04:44

Target

2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe
Size

507KB
MD5

a00a34fd05e2621a1a5514f51f2f9fed
SHA1

1f39326ec6ae8734995b0e187a1ddf8d36ccde2f
SHA256

fcda68d2fa02bb2bb763b8b460aa4c487f6d17670f8177f9a2447e643fb2cd4c
SHA512

f66a9801dfef20654e6573f6242cfe6c1ad4c6a0683854aca1355fff40bba105aa2f15ee40c552ecd60bb20bc1562bf505386b0bb28c2ff3b94f1b3e6dc93a31
SSDEEP

12288:ayjoBI0TOBkmRk6M8a6XwnfgdBOcs1mW:1jTOOBkmi6Ha6XwodBOcN

Score

7^/10

Executes dropped EXE 4 IoCs

Loads dropped DLL 6 IoCs

pid	Process
2312	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe
2312	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe
2908	ketidewiqka.exe
2908	ketidewiqka.exe
2796	nsry4ag2bhpzheetuyo3w.exe
2796	nsry4ag2bhpzheetuyo3w.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rkzvesaqtdq\dyhwrja	ketidewiqka.exe
File created	C:\Windows\rkzvesaqtdq\dyhwrja	ylnsruuxdcbc.exe
File created	C:\Windows\rkzvesaqtdq\dyhwrja	ketidewiqka.exe
File created	C:\Windows\rkzvesaqtdq\dyhwrja	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe
File created	C:\Windows\rkzvesaqtdq\dyhwrja	nsry4ag2bhpzheetuyo3w.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2796	2312	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe	30
PID 2312 wrote to memory of 2796	2312	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe	30
PID 2312 wrote to memory of 2796	2312	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe	30
PID 2312 wrote to memory of 2796	2312	2024-07-05_a00a34fd05e2621a1a5514f51f2f9fed_bkransomware.exe	30
PID 2908 wrote to memory of 2748	2908	ketidewiqka.exe	32
PID 2908 wrote to memory of 2748	2908	ketidewiqka.exe	32
PID 2908 wrote to memory of 2748	2908	ketidewiqka.exe	32
PID 2908 wrote to memory of 2748	2908	ketidewiqka.exe	32
PID 2796 wrote to memory of 2580	2796	nsry4ag2bhpzheetuyo3w.exe	33
PID 2796 wrote to memory of 2580	2796	nsry4ag2bhpzheetuyo3w.exe	33
PID 2796 wrote to memory of 2580	2796	nsry4ag2bhpzheetuyo3w.exe	33
PID 2796 wrote to memory of 2580	2796	nsry4ag2bhpzheetuyo3w.exe	33

C:\rkzvesaqtdq\dyhwrja

Filesize
12B

MD5
af442c287fc5f45679fb442d63be6282

SHA1
09c5af2c5d47e4bf44f73f7799614acc8f5f9758

SHA256
898304f9adf6eaae130c0de00f30296e20eed3a2c235afd098062e6e2d61e015

SHA512
609d704c83deeb270b74c73622c3ed3d114a6456d55270f16e36248ed364196bc6c45b4192e4041c6814bca0489a4e907bde2dc25b20ff93db332a005ca4f9b4

Download Submit
\rkzvesaqtdq\nsry4ag2bhpzheetuyo3w.exe

Filesize
507KB

MD5
a00a34fd05e2621a1a5514f51f2f9fed

SHA1
1f39326ec6ae8734995b0e187a1ddf8d36ccde2f

SHA256
fcda68d2fa02bb2bb763b8b460aa4c487f6d17670f8177f9a2447e643fb2cd4c

SHA512
f66a9801dfef20654e6573f6242cfe6c1ad4c6a0683854aca1355fff40bba105aa2f15ee40c552ecd60bb20bc1562bf505386b0bb28c2ff3b94f1b3e6dc93a31

Download Submit